Preview Image

Exploiting XXE using external entities to retrieve files

Laboratorio de Portswigger sobre XXE

Nov 27, 2024 Portswigger Labs, XXE

Preview Image

Remote code execution via polyglot web shell upload

Laboratorio de Portswigger sobre File Upload

Nov 25, 2024 Portswigger Labs, File Upload

Preview Image

Web shell upload via obfuscated file extension

Laboratorio de Portswigger sobre File Upload

Nov 25, 2024 Portswigger Labs, File Upload

Preview Image

Web shell upload via extension blacklist bypass

Laboratorio de Portswigger sobre File Upload

Nov 25, 2024 Portswigger Labs, File Upload

Preview Image

Web shell upload via path traversal

Laboratorio de Portswigger sobre File Upload

Nov 25, 2024 Portswigger Labs, File Upload

Preview Image

File path traversal, validation of file extension with null byte bypass

Laboratorio de Portswigger sobre Path Traversal

Nov 24, 2024 Portswigger Labs, Path Traversal

Preview Image

File path traversal, validation of start of path

Laboratorio de Portswigger sobre Path Traversal

Nov 24, 2024 Portswigger Labs, Path Traversal

Preview Image

File path traversal, traversal sequences stripped with superfluous URL-decode

Laboratorio de Portswigger sobre Path Traversal

Nov 24, 2024 Portswigger Labs, Path Traversal

Preview Image

File path traversal, traversal sequences stripped non-recursively

Laboratorio de Portswigger sobre Path Traversal

Nov 24, 2024 Portswigger Labs, Path Traversal

Preview Image

File path traversal, traversal sequences blocked with absolute path bypass

Laboratorio de Portswigger sobre Path Traversal

Nov 24, 2024 Portswigger Labs, Path Traversal